Deeplinks Blog posts about Open Wireless

“Kenya to require users of public Wi-Fi to register with government,” reads a July 1 Ars Technica headline. At first glance, the east African country’s proposed regulations appeared to extend their reach beyond even that broad subset of Kenyan Internet users. According to quotes from officials included in the article, the new rules would require all users of any device with wireless networking capabilities, not just public Wi-Fi routers, to register their equipment with either their Internet service providers or the Kenya Network Information Centre (KENIC).

Even correcting for what seems to be overbroad interpretation of the final regulations, Kenya's plans risk invading the privacy of the majority of its non-mobile Internet users, as well as chasing legitimate anonymous speakers from the country's Internet.

The vision of a world of shared open wireless is a compelling one—it means that wherever you go in an urban or other covered area, the connected devices that you own now (and new devices that are today only on the drawing board) will enjoy immediate, seamless, private, and free access to the global Internet. But such a world might exclude Europe, depending on the outcome of a pending case there that calls the viability of open wireless networks into question. EFF and its partners have formulated an open letter—which you can read here or below—presenting our views on why a result that threatens open wireless would be a serious loss to innovators, small businesses, travelers, emergency services and users at large.

For the past few years, EFF and a coalition of other organizations has been campaigning for more and better Open Wireless networks. Unlocked, password-free wireless networks are in many respects the most convenient, efficient, and privacy-protective way to access the Internet, and running one is a considerate and neighbourly thing to do. But typical router hardware does not support open wireless very well, making it tricky or impossible for households to share some portion of their bandwidth without potentially slowing down their own connections.

This post explores what the essential features that make for a good open router, and three paths could get us there: out-of-the-box support from router manufacturers; standalone firmware; and features in open source router projects like OpenWRT.

Dan Geer, Chief Information Security Officer of CIA’s venture capital arm, didn't mince words when he mentioned the security flaws in home routers during his keynote address at last month's Black Hat conference in Las Vegas. But he also noted a small silver lining around the dark cloud of router security: people are starting to take the problem much more seriously. As he noted, the "SOHOpelessly Broken" DEFCON hacking contest, co-presented by Independent Security Evaluators and EFF, is drawing attention to security vulnerabilities in routers with the goal of helping to get them fixed.

As part of our Open Wireless Movement, we set out to create router software that would make it easier for people to safely and smartly share part of their wireless network. Protecting hosts, so their security is not compromised because they offer open networks, is one of the goals of the router software we released. However, as research published by Independent Security Evaluators (ISE) and others has shown, almost every popular home router has serious security flaws.

In developing the router software, we realized that we also needed to tackle the more fundamental problem of home router security. Instead of just creating an open-wireless friendly router, why not work to improve router security while we're at it?